FBI: UNC6040 and UNC6395 Target Salesforce Instances to Steal Data and Extort Victims Summary of the FBI FLASH alert The FBI has issued a FLASH warning that two threat clusters, tracked as UNC6040 and UNC6395, are compromising organizations’ Salesforce environments to steal data and extort victims. The advisory raises immediate concern for enterprises that rely…
HybridPetya Ransomware Can Circumvent UEFI Secure Boot to Modify EFI System Partition Overview A recently reported ransomware strain known as HybridPetya is capable of bypassing the UEFI Secure Boot mechanism to place a malicious application on the EFI System Partition (ESP). The ability to write to the ESP and persist at or before the operating…
Three Immediate Priorities During a Cyberattack: Clarity, Control, Lifeline Overview When a cyberattack begins, response speed and the sequence of actions determine whether an organization contains damage or faces prolonged disruption. A concise framework highlighted by Acronis TRU — clarity, control, and a lifeline — captures the immediate priorities MSPs and IT teams need to…
Microsoft resolves streaming lag and stutter introduced by August 2025 Windows updates Summary of the incident Microsoft has resolved severe lag and stuttering issues that affected streaming software on Windows 10 and Windows 11 systems following the installation of the August 2025 security updates. Users reported degraded playback and interrupted live streams after the update;…
US Charges Alleged Administrator of LockerGoga, MegaCortex, and Nefilim Ransomware Summary of the DOJ Action The U.S. Department of Justice has charged Ukrainian national Volodymyr Viktorovich Tymoshchuk for his alleged role as the administrator of three major ransomware operations: LockerGoga, MegaCortex, and Nefilim. This charging announcement aligns with an ongoing law-enforcement campaign to identify, charge,…
How CISOs Win Budget Approval: Framing Security as Business Risk Management Why the budget fight matters now It’s budget season. Once again, security is being questioned, scrutinized, or deprioritized. For many organizations the security function remains a cost center competing with product development, sales initiatives, and operational efficiency projects. Yet the consequences of underfunding security…
Salesloft GitHub Account Compromise Triggered Drift Supply‑Chain Breach, Mandiant Says Summary of the incident Salesloft has disclosed that the chain of events behind a data breach tied to its Drift application began with the compromise of a Salesloft GitHub account. Google-owned Mandiant, which investigated the incident, reported that the threat actor tracked as UNC6395 accessed…
Drift Breach and a Week of Active Zero‑Days: What Security Teams Must Do Now Overview — this week’s headlines Cybersecurity coverage this week was dominated by two interlocking themes: a high‑visibility breach involving the conversational marketing vendor Drift, and a wave of active zero‑day exploits prompting urgent patch warnings. Reporting and vendor advisories emphasized the…
SVG-based phishing campaign impersonates Colombian judiciary to deliver malware The campaign: what VirusTotal uncovered Security researchers at VirusTotal have identified a phishing campaign that hides malicious content inside Scalable Vector Graphics (SVG) files. The SVGs are designed to render convincing portal pages that impersonate Colombia’s judicial system, and they act as delivery mechanisms for malware.…
Microsoft Enforces MFA for Azure Portal Sign‑Ins Across All Tenants What Microsoft changed Microsoft says it has been enforcing multifactor authentication (MFA) for Azure Portal sign‑ins across all tenants since March 2025. Microsoft has been enforcing multifactor authentication for Azure Portal sign‑ins across all tenants since March 2025. The change applies to interactive access to…